4651 matches found
ASP.NET Core Configuration File Detected
ASP.NET Core applications can read configuration data based on key-value pairs from multiple providers and sources. By using the JSON configuration provider, data can be retrieved from predictable configuration files named appsettings.json and appSettings.Environment.json. Developers sometimes...
Design/Logic Flaw
cmseasy V7.7.520211012 is affected by an arbitrary file read vulnerability. After login, website configuration information, such as the database configuration file config / configdatabase, can be read through this vulnerability...
GHSA-7F2C-VP52-GMFW OpenStack keystonemiddleware does not verify certificate
OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certificate verification when the "insecure" option is set in a paste configuration (paste.ini) file, regardless of the value, which allows remote attackers to conduct man-in-the-middle...
PT-2022-19142 · Apport +2
Name of the Vulnerable Software and Affected Versions: apport (affected versions not specified). Description: The /.config/apport/settings parsing is vulnerable to a "billion laughs" attack. This issue affects the parsing of settings in the apport configuration file, making it susceptible to a...
A vulnerability in the protection of configuration files in Cisco Virtualized Infrastructure Manager (VIM) allows an attacker to access confidential information and escalate their privileges.
The vulnerability in the configuration file protection mechanism of Cisco Virtualized Infrastructure Manager (VIM) stems from a lack of access control. Exploiting this vulnerability can allow an attacker to gain access to confidential information and escalate their privileges...
GHSA-R5M8-5MWX-CMJ8 CSRF vulnerability in Config File Provider Plugin
A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing configuration file definitions...
Jenkins SSH Plugin user passwords for encrypted SSH keys stored in plaintext
The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file...
GHSA-PMC5-74W3-78MW Jenkins Config File Provider Plugin XSS vulnerability
A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete t...
GHSA-R5JR-82X4-R6J7 Jenkins Crowd Integration Plugin stores credentials in plain text
Jenkins Crowd Integration Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system...
GHSA-VJR6-CQ22-M4Q5 Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials in plain text
Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unencrypted in its global configuration file org.jenkinsci.plugins.awsbeanstalkpublisher.AWSEBPublisher.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials in plain text
Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials unencrypted in its global configuration file org.jenkinsci.plugins.awsbeanstalkpublisher.AWSEBPublisher.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
GHSA-7JX8-244G-JFPX Jenkins OWASP ZAP Plugin stores unencrypted credentials
Jenkins Official OWASP ZAP Plugin stores Jira credentials unencrypted in its global configuration file org.jenkinsci.plugins.zap.ZAPBuilder.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
GHSA-5722-V5WC-X7H8 Jenkins veracode-scanner Plugin stores credentials in plain text
Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
Jenkins veracode-scanner Plugin stores credentials in plain text
Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
Jenkins aws-device-farm Plugin stores credentials in plain text
Jenkins aws-device-farm Plugin stores credentials unencrypted in its global configuration file org.jenkinsci.plugins.awsdevicefarm.AWSDeviceFarmRecorder.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
GHSA-84P4-7MXC-7PHJ Jenkins Amazon SNS Build Notifier Plugin stores credentials in plain text
Jenkins Amazon SNS Build Notifier Plugin stores credentials unencrypted in its global configuration file org.jenkinsci.plugins.snsnotify.AmazonSNSNotifier.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
GHSA-3J3V-7F8F-V2XP Jenkins Aqua Security Scanner Plugin stores credentials in plain text
Jenkins Aqua Security Scanner Plugin stores credentials unencrypted in its global configuration file org.jenkinsci.plugins.aquadockerscannerbuildstep.AquaDockerScannerBuilder.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
Jenkins CloudShare Docker-Machine Plugin stores credentials in plain text
Jenkins CloudShare Docker-Machine Plugin stores credentials unencrypted in its global configuration file com.cloudshare.jenkins.CloudShareConfiguration.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
Jenkins Bugzilla Plugin stores credentials in plain text
Jenkins Bugzilla Plugin stores credentials unencrypted in its global configuration file hudson.plugins.bugzilla.BugzillaProjectProperty.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...
GHSA-R798-QX7R-V3GW Jenkins Octopus Deploy Plugin stores credentials in plain text
Jenkins Octopus Deploy Plugin stores credentials unencrypted in its global configuration file hudson.plugins.octopusdeploy.OctopusDeployPlugin.xml on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system...